February 10, 2016
MTCS – Modular Train Control System
Unique Liaison between Modularity and Safety
Open and modular railway computer platform
Based on standard hardware and software
Freely programmable
Certifiable up to SIL 4
Complies with EN 5012x, EN 50155 and EN 50121-4 railway standards
Scalable safety-level - solely determined by application requirements
Comes with certification packages with certification from TÜV SÜD
MTCS Innovations – Your Benefits
Suitable for wayside and rolling stock
Pre-certified hardware and software
No fixed end application
Usage of open standards
Family concept
Open software interfaces
Various applications with one safe platform
Real-time Ethernet connection
Additional remote I/O boxes
Synergy effects
Low risk, saves cost and time
Application remains on customer side
Interoperability, independent of single supplier
Future-safe, long life-cycles
Highest programming flexibility
Saves costs and installation efforts
Safe and fast I/O with growing I/O family
Less cabling, unlimited system extension
Two Birds with One Stone – MTCS for Rolling Stock and Wayside Applications
Rolling Stock – Synergy effects – Wayside
CBI – Computer Based Interlocking
CBTC – Communication Based Train Control
TCMS – Train Control Management System
ATO / ATP – Automated Train Control / Protection (for ETCS, PTC, CTCS, Klub-U)
MTCS suitable for all safety-relevant rail applications
Saves costs and time-to-market
Typical Use Case – On-Board Unit for ETCS
ETCS is the European train protection system
Train separation or collision avoidance
Line speed enforcement (emergency brake)
Temporary speed restrictions
MTCS provides major functions of the EVC (European Vital Computer)
GSM-R communication
ETCS application computer
Interfaces to other ETCS equipment
Interfaces to train
Diagram labels: MVB, Profibus, Balise, Ethernet, GSM-R, Train Interfaces
The Key for Variety – Separation of Control and Application
Diagram labels: User Safety Application; Pre-Certified Platform Software; Pre-Certified Hardware Components
Legend: Done by MEN; Done by Customer
Competitive advantage through full function control
Best use of core competencies for all parties
One platform – many applications
Safe Domain and I/O Domain
Diagram labels: Safe I/O; MVB, Profibus, Ethernet…; Virtual Safe CPU; CPU 1; Sync/Compare; CPU 2; Platform SW (shown twice); CPU 3 – I/O processor; EtherCAT master; Peripheral drivers
Safe communication through black channel
Limits the effort of safe application programming
Accelerates software development
Fail-silent architecture
The Software Architecture Behind – Safe Domain and I/O Domain
Pre-Certified Hardware Components
Application independent of hardware
Diagram labels:
Safe Domain (CPU board), stack shown twice: User Safety Application; Safety Communication Layer; Safe QNX / Safe BSP
I/O Domain (CPU board): Non-Safe Application; Communication, Diagnosis, Services; Driver Libraries; Linux (Soft Real-Time)
Safe Domain (I/O board): Safety Communication Layer
I/O domain SW changeable without recertification
Many applications with one platform – saves cost
Pre-Certified Platform Software
Separation between safe application (QNX) and communication (Linux)
Double execution of safe application on two separated processors
Synchronization and compare between CPs and communication layer
Different applications on one safety platform through high-performance CPUs and QNX partitioning
Endless Programming Possibilities
Based on open software interfaces (open API) and standard operating systems
Standard POSIX programming interface
Programming of safe domain application possible in:
C
Model-based (e.g. SCADE)
Soft PLC
Ada
Highest flexibility
Reduces overall cost
Future proof architecture
Compatible successor products scheduled
Saves your software investment
MTCS Family Members
Controller Unit MH50C, based on dual-redundant CPU board F75P
For up to 6 I/O boards (either safe I/O boards or usual interface boards for Ethernet, Wi-Fi, GPS, MVB etc.)
Wide-range DC or AC power supply
Safe I/O cards for binary input/output and frequency input (more functions scheduled)
For use in controller unit or remote I/O boxes
Safe remote I/O extension boxes
Up to 4, 6, or 8 certifiable safe I/O boards
Real-time Ethernet interface with chassis configuration switch
Compact housing
Flexible configuration options
Expandable with up to 63 remote I/O boxes
Scalable SIL levels (single cards for SIL 2, two cards for SIL 3 / 4)
Close connection to actuators / sensors (less cabling)
Improves signal integrity
For virtually endless system extension
Communication via Real-Time Ethernet
No Ethernet switches needed
High availability with little cabling effort
All I/Os (control unit and remote I/O boxes) are connected via real-time Ethernet "EtherCAT"
Communication protected via Safety over EtherCAT (FSoE) protocol
Connected in a ring topology
Tolerates single failures like broken cables
Safe and fast I/O through Safety over EtherCAT
Diagram labels: MH50C MTCS Controller; MTCS Remote I/O (three boxes)
Remote I/O reduces cabling effort / better signal integrity
MTCS Components with Guaranteed Safety
Diagram labels: TÜV Certificate; TÜV Assessment Report; Safety Case; Safety User Guide; F75P; QNX BSP; QNX Drivers
Pre-certification saves cost and time
Safe CPU board F75P
Safe I/O cards
Lowers project risk on customer side
Open and Modular System
MTCS is exclusively based on open industry standards in hardware, software and communication
Independence from single supplier
Easy integration of third party products
Easy exchange of obsolete products
Standard hardware with X86 host controller
CompactPCI industry standard
Standard OS (QNX, Linux)
Standard Ethernet communication
Standard POSIX interface for programming in "C"
Compliance to Market Standards
Safety requirements
EN 50126: Railway applications – The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS)
EN 50128: Railway applications – Communications, signaling and processing systems – Software for railway control and protection systems
EN 50129: Railway applications – Communications, signaling and processing systems – Safety related electronic systems for signaling
Environmental requirements
EN 50155 compliance
Extended temperature range
Shock and vibration resistant
Conformal coating
EMC-compatible with EN 50121-4
Immediately rail-ready
Qualified and tested for reliable operation
Family Concept and Life-Cycle Management
Guaranteed availability of 10 years for all single products
Change effect analysis document gives complete traceability in case of redesign
Easy exchange of single parts through open standards
Growing family of hardware components including software packages until 2050 scheduled
Unlimited life-cycle possible
Growing product range for individual requirements
Unique Solution for the Rail Market
Usable for a multitude of varying rail applications through high modularity
Completely based on standards also reducing life-cycle cost of each rail project
Significant cost and time saving through pre-certification of hardware and software
Certification packages with certificate from TÜV SÜD
Compliant to all relevant safety and environmental standards